= Proposed Self Contained Change: NSS enforces the system-wide crypto policy = https://fedoraproject.org/wiki/Changes/NSSCryptoPolicies Change owner(s): * Nikos Mavrogiannopoulos <nmav AT redhat DOT com> As it is now, the System-wide crypto policy in F24 is only enforced by the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in Fedora, NSS is enhanced to respect the settings of the system-wide crypto policy as well. == Detailed Description == As it is now, the System-wide crypto policy in F24 is only enforced by the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in Fedora, NSS is enhanced to respect the settings of the system-wide crypto policy as well. After that change the administrator should be assured that any application that uses NSS will follow a policy that adheres to the configured profile. == Scope == * Proposal owners: The change requires modifying the NSS library to read a policy generated by the crypto-policy package. * Other developers: There are no required actions by other developers. The change requires only targeted changes to NSS. * Release engineering: No actions required. * Policies and guidelines: - The packaging guidelines for crypto policies need to be modified to include NSS in the list of libraries supporting the policies. - The text "(note that adherence to the system-wide policies is work in progress for NSS libraries)" must be removed - The text "Currently the policies are restricted to applications using GnuTLS and OpenSSL" must be changed to include NSS. * Trademark approval: N/A (not needed for this Change) -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
